CVE-2012-0249

Published: 5 April 2012

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.

Priority

Status

Package	Release	Status
quagga Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (0.99.20.1-0ubuntu0.10.04.2)
	maverick	Ignored (end of life)
	natty	Released (0.99.20.1-0ubuntu0.11.04.2)
	oneiric	Released (0.99.20.1-0ubuntu0.11.10.2)
	precise	Released (0.99.20.1-0ubuntu0.12.04.2)
	upstream	Released (0.99.20.1-1)

References

http://www.kb.cert.org/vuls/id/551715
https://ubuntu.com/security/notices/USN-1441-1
https://www.cve.org/CVERecord?id=CVE-2012-0249
NVD
Launchpad
Debian

Bugs

https://bugzilla.quagga.net/show_bug.cgi?id=705

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›